noxify / gridsome-plugin-remark-image-download

MIT License

Build fails #2

Closed capsia37 closed 3 years ago

capsia37 commented 3 years ago

Hi, my current build fails with the following error: TypeError: imageDownload is not a function

For the full log you can check: https://gitlab.com/ubports/infrastructure/devices.ubuntu-touch.io/-/jobs/1121427235

Code and configuration is available at: https://gitlab.com/ubports/infrastructure/devices.ubuntu-touch.io/-/tree/markdown-image-download

I have configured the plugin as written in the readme, if you think I've made a mistake in configuration let me know.

Thank you!

noxify commented 3 years ago

Hey @capsia37

thanks for reporting.

I was able to reproduce the error locally with your markdown image download branch.

The problem was the new version of image-download. For now I have pinned the version to 1.3.0.

On my local machine (with node 14.16 --> you have 14.15 at gitlab ci) I was able to run the build command successfully.

If this doesn't solve your problem, feel free to reopen the ticket.

capsia37 commented 3 years ago

Thank you! Now it works great!

I've noticed that it is showing 4 vulnerabilities, but otherwise it is working very well.

# npm audit report

url-regex  *
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1550
No fix available
node_modules/url-regex
  is-url-superb  <=3.0.0
  Depends on vulnerable versions of url-regex
  node_modules/is-url-superb
    image-download  >=1.1.0
    Depends on vulnerable versions of is-url-superb
    node_modules/image-download
      @noxify/gridsome-plugin-remark-image-download  
      Depends on vulnerable versions of image-download
      node_modules/@noxify/gridsome-plugin-remark-image-download

4 high severity vulnerabilities

noxify commented 3 years ago

@capsia37 - I have seen these vulnerabilities, too.

It seems that image-download uses an outdated version of is-url-superb - the used version is ^2.0.0. In the latest version of is-url-superb (5.0.0) they removed the dependency on url-regex.

The vulnerability is high but I think it's not critical in our use case.
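Added example, not code from the plugin or from anyone in this thread: the nested chain in the audit report above (url-regex pulled in by is-url-superb, by image-download, by the plugin) can be rebuilt from the JSON form of the same report by following each finding's `effects` links up to the direct dependency, which tells a reviewer which package must change for the vulnerable one to drop out. The report object is constructed to mirror the thread's output, and its shape (the `npm audit --json` format of npm 7 and later) is an assumption.

```javascript
// Constructed sample in the assumed `npm audit --json` (npm 7+) shape, mirroring the
// url-regex finding shown in the thread: one advisory, three packages that merely
// depend on it, and no fix known to npm.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'url-regex': {
      name: 'url-regex', severity: 'high', isDirect: false, range: '*', fixAvailable: false,
      via: [{ source: 1550, name: 'url-regex', title: 'Regular Expression Denial of Service',
              url: 'https://npmjs.com/advisories/1550', severity: 'high', range: '*' }],
      effects: ['is-url-superb'],
    },
    'is-url-superb': { name: 'is-url-superb', severity: 'high', isDirect: false, range: '<=3.0.0',
      fixAvailable: false, via: ['url-regex'], effects: ['image-download'] },
    'image-download': { name: 'image-download', severity: 'high', isDirect: false, range: '>=1.1.0',
      fixAvailable: false, via: ['is-url-superb'], effects: ['@noxify/gridsome-plugin-remark-image-download'] },
    '@noxify/gridsome-plugin-remark-image-download': { name: '@noxify/gridsome-plugin-remark-image-download',
      severity: 'high', isDirect: true, range: '*', fixAvailable: false, via: ['image-download'], effects: [] },
  },
};

// Entries whose `via` holds an advisory object (rather than just a package name) are the
// packages that are vulnerable themselves; every other entry only depends on one of them.
function advisoryRoots(report) {
  return Object.values(report.vulnerabilities)
    .filter((v) => v.via.some((x) => typeof x === 'object'));
}

// Follow `effects` upward until a package nothing else depends on (a direct dependency).
// Returns every path as an array of names, vulnerable package first; `seen` cuts cycles.
function chainsFrom(report, name, seen = new Set()) {
  const entry = report.vulnerabilities[name];
  if (!entry || seen.has(name) || entry.effects.length === 0) return [[name]];
  const next = new Set(seen).add(name);
  return entry.effects.flatMap((e) => chainsFrom(report, e, next).map((c) => [name, ...c]));
}

// One summary per advisory: severity, whether npm knows a fix, and the chain(s) to the
// direct dependency whose upgrade or replacement would remove the vulnerable package.
function summarise(report) {
  return advisoryRoots(report).flatMap((root) =>
    root.via.filter((x) => typeof x === 'object').map((adv) => ({
      advisory: adv.url, severity: adv.severity, fixAvailable: root.fixAvailable,
      chains: chainsFrom(report, root.name).map((c) => c.join(' -> ')),
    })));
}

console.log(JSON.stringify(summarise(sampleReport), null, 2));
```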